Do banks think we are stupid?

This topic is mostly so share some of my frustration

I just got an offer from my bank account in order to pay something like 16$ to have a security for identity theft with the argument of "what if somebody steals your credit card or now days they just have to memorize your code to buy things online". I am laughing inside but I see that my wife is considering it. Obviously banks know that these can of services work, since they were "a lot of people buy this".

At the same time I am working for a company that creates secure chips that are used in banking. I know by fact that in order to put a chip on a card (if they don't already have it) it costs something like a couple of dollars. Practically nothing for a credit card. The question is why don't they use secure credit cards rather than selling a service?

I mean, you can buy things by entering a code online. That is the security system they have chose. From all possible security methods they choose to be able just to enter a code. And then the banks are advertising counter measurements. Really?

The only reasonable answer on why they don't use a serious security is that they don't really care at the moment, so please don't try to sell me some stupid security package.

Not sure about the US, but over here, unless you were demonstrably negligent leading to your cards data being stolen, you are not liable for fraudulent usage except for a small fixed amount (usually £50 but even this is rarely enforced).

So when my bank tries to sell me such cover I tend to feel a mix between amusement and anger.

Same with payment protection on loans - the interest they charge is adjusted to factor in the risk that I default (as are most commercial interest rates). Then they want me to take out payment protection to cover them again?

Seems like many problems the banks find these days can be repackaged as a product to sell back to us!

I think in the US it is the same, their stupid services are more like an enhanced service of what is already provided.

In the US, when I came here from Europe, the whole think with credit cards and such seemed to be a big deal. Like there is a "great risks nowdays so be careful" kind of thing. My biggest problem is that the media don't really inform the people about the lack of security being the bank's choice, the bank's don't admit it or say "its ok, what do you worry we already cover you for free?", but they want to sell more security implying that that is the best they can do. The people are clearly misleaded.

I use BOA and they have a guarantee that you will not be charged for any fraudulent activity on your account. Recently I experienced just how tight their security is when they disabled my card while on vacation b/c my spending patterns did not line up with what the computer deemed 'normal'. I had to call them and after answering a ton of security questions about myself that were even hard for me to answer (having to do with how, when, where, and the what of my bank account) they finally reactivated it. They also asked me when I would be back in the area b/c it is possible my account would be tagged as suspicious and the card and account disabled again.

It was very inconvenient at the time but it is nice to know that when they say they are serious about security they actually mean it.

For the last few years my credit card has been getting disabled about every 6-9 months, and when they ask me to verify the last 5-10 transactions, they're all places that I go to on a regular basis!! Unfortunately they can't just re-enable my card, I have to wait a week for them to send me a new one...

As for those security chips; I don't see how that can make a credit card any more secure? Unless I'm mistaken, you can still swipe it on a card reader that doesn't use the chip, and you can still buy stuff online with it, so can't someone just record your card # and buy stuff online?

"I am probably the laziest programmer on the planet, a fact with which anyone who has ever seen my code will agree." - esbo, 11/15/2008

"the internet is a scary place to be thats why i dont use it much." - billet, 03/17/2010

I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.

For the last few years my credit card has been getting disabled about every 6-9 months, and when they ask me to verify the last 5-10 transactions, they're all places that I go to on a regular basis!! Unfortunately they can't just re-enable my card, I have to wait a week for them to send me a new one...

As for those security chips; I don't see how that can make a credit card any more secure? Unless I'm mistaken, you can still swipe it on a card reader that doesn't use the chip, and you can still buy stuff online with it, so can't someone just record your card # and buy stuff online?

If the bank doesn't support it no, they wouldn't be able to.
But even now they could offer some options at least. I ask them "can you disable online withdrawals from my bank account" so people can only put money electronically and in order to withdraw/transfer them you have to swipe a debit card or physically go to the bank. I just want people to be able to sent me money on one bank account.
The answer is "no, that is not possible". You restrict access to your personal computer but not on your own bank account...

My card has also been disabled two or three times in the last 2 years. The bank doesn't give out information as to which merchant compromised it. They say they don't want me to avoid any store just because one employee there is a crook. I don't agree. The public ought to know at which specific store the credit card got compromised, and should be assured that the employee is in jail before I am going back to purchase there again.

But the bank would rather do nothing and absorb the loss. As long as they back out the purchases that are not mine. So far they have been helpful and have taken the fraudulent purchases off. However, I still don't like the way banks protect criminals by not telling me what really went on. I would like the right to boycott, even if it's irrational. If I am unable to do that then I feel helpless.

The chip is useless in preventing fraud. I've read about stores being broken into and their cash register hard-drives stolen. It seems they sometimes contain unencrypted PIN numbers from customers.

Again, would it make sense for the public to boycott such a store when it had its hard-drives stolen? YES, because that would put the pressure on point-of-sales terminals to make them 100% secure.

However, I still don't like the way banks protect criminals by not telling me what really went on.

It's probably more to do with the person you're talking to being pretty clueless. It's extremely unlikely if they're the ones answering the phone and talking to customers that they are intelligent, motivated, and enjoying their job. They might be any of the 3, but I'm betting the combination is pretty rare. My insurance company is the same way. They've been having a lot of problems with their billing system for months. Every time I call to report a problem or find out what they're doing to fix it, I'm told there's a 'system error', but no one's ever been able to give ma straight answer about what happened, why it happens so often, or what they're doing about it. Why? Because they themselves don't know, and they don't care enough to go find out. No one grows up wanting to excel in the field of 'Customer Service Phone Representation'.

However, I still don't like the way banks protect criminals by not telling me what really went on.

Every time I ask them, they say they don't know what store it is because the police don't give them that information.

Since the bank has to pay for any fraudulent charges, I guess they have the right to cancel the card and send a new one, just to be safe (even though there were no fraudulent charges on my card); it's just really inconvenient since I have to wait for the new card, then change my info with any companies that do pre-authorized charges...

"I am probably the laziest programmer on the planet, a fact with which anyone who has ever seen my code will agree." - esbo, 11/15/2008

"the internet is a scary place to be thats why i dont use it much." - billet, 03/17/2010

The chip is useless in preventing fraud. I've read about stores being broken into and their cash register hard-drives stolen. It seems they sometimes contain unencrypted PIN numbers from customers.

A serious security system does not decrypt information except at the end-points. That is the point. But to encrypt the information you need a processing unit that can perform an encryption algorithm. Which should be in the chip, not anywhere else. If the card inserts in clear information to a middle media, like a PC for example, and that media encrypts the information and sends it then you have to protect both the card and the media, twice the work, which is pointless.
So concluding, the cash register should not be ABLE to have codes unencrypted.